Описание
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
Ссылки
- Release Notes
- Third Party Advisory
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.11.7 (исключая)
cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 98%
0.56658
Средний
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
EPSS
Процентиль: 98%
0.56658
Средний
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo